Why DoT’s SIM-binding directive raises concerns of regulatory overreach | Technology News

Whereas former telecom minister Ashwini Vaishnaw had, on the time, clarified publicly to the media that OTTs should not underneath the ambit of the regulation, attorneys stated that the brand new directive suggests in any other case.

“The directive does signify an expansive interpretation of the DoT’s energy because it successfully entails regulation of on-line messaging apps akin to WhatsApp and Sign. Historically, this has been underneath MeitY’s jurisdiction, and I believe there’s jurisdictional overreach right here,” Vrinda Bhandari, Advocate-on-record, Supreme Court docket of India, advised The Indian Categorical.

Aishwarya Kaushiq, Companion, BTG Advaya, additionally stated that the directive opens the door to a wider declare of jurisdiction, “because it treats any service utilizing a cellular quantity as falling inside the DoT’s cyber-security framework.” “A extra cheap view could possibly be that the DoT’s powers ought to keep restricted to true telecom-identifier safety points, and shouldn’t be used to manage how unrelated digital companies work internally, which can have better ramifications,” he added.

The telecom division stated that it despatched notices to WhatsApp, Telegram, Snapchat, Arattai, Sharechat, Josh, Jiochat, and Sign on November 28, requiring them to make sure that a consumer’s SIM card is “repeatedly” linked to their accounts. Which means customers can be unable to entry these apps on gadgets that don’t comprise the energetic SIM linked to their profiles.

Moreover, customers of companion net cases (akin to WhatsApp Net) can be logged out each six hours and made to re-link their accounts utilizing QR codes. The measure, which seeks to curb rising digital fraud within the nation, has raised a number of issues amongst customers, digital rights advocates and different stakeholders who concern the directive threatens customers’ privateness and complicates entry for these utilizing messaging platforms throughout a number of gadgets, particularly in skilled set-ups.

“Steady SIM-binding would create a major threat for presumption that the SIM card-holder is chargeable for fraudulent exercise on their account, and the burden can be on the consumer to displace that presumption. If this takes the type of a prison trial, then the method itself is the punishment,” Bhandari stated.

Consultants have additionally flagged technical hurdles in implementation of SIM-binding, which messaging apps could not be capable to do on their very own. “Whereas SIM-binding straight targets high-volume, automated fraud—significantly artificial id assaults in buyer onboarding processes—it represents a static protection that may be simply bypassed or turn into a nuisance for reliable customers if not expertly carried out,” Apeksha Kaushik, Principal Analyst, Gartner, advised The Indian Categorical. 

Authorized foundation of the directive

For the reason that Telecommunications Act, 2023, partially went into impact in June 2024, the DoT has been progressively notifying numerous units of guidelines to place key components of the revamped telecom legislative framework into motion. They cowl vital features akin to web shutdowns, cybersecurity, lawful surveillance, and establishing of telecom infrastructure within the nation, amongst others.

In October 2025, the DoT notified the Telecommunications (Telecom Cyber Safety) Modification Guidelines, 2025, which paved the way in which for the creation of a Cell Quantity Validation (MNV) platform to confirm telecom identifiers like cellphone numbers. It additionally launched a brand new compliance class known as Telecommunication Identifier Person Entities (TIUEs) outlined as “an individual, apart from a licensee or authorised entity, which makes use of telecommunication identifiers for the identification of its prospects or customers, or for provisioning, or supply of companies.”

The DoT notices despatched to WhatsApp and others mandating SIM-binding have been issued underneath these Guidelines.

“The Telecom Act, 2023 and the Telecom Cyber Safety (TCS) Guidelines give the DoT some authority to problem security-related instructions to entities that use telecom identifiers, together with app-based messaging platforms. This offers a foundation for requiring sure safeguards round phone-number–primarily based registrations,” Kaushiq stated.

“On the similar time, the Guidelines don’t expressly point out measures like steady SIM-binding, which straight have an effect on how these apps operate and the way customers entry them throughout gadgets,” he stated.

When requested concerning the three-month compliance timeline, Bhandari stated, “There isn’t any set authorized normal for what’s a suitable timeline to implement a authorities directive. For example, the DPDP (Digital Private Knowledge Safety) Guidelines give 18 months. Nevertheless, I do assume that the brief timelines are problematic given absolutely the lack of public session.”

Funds versus messaging apps

In 2021, State Financial institution of India (SBI) launched a SIM-binding characteristic for its cellular app customers, and most banking apps in India have SIM-binding enabled. Moreover, the Securities and Change Board of India (SEBI) has proposed to mandate an analogous requirement to reign in fraudulent buying and selling.

To notice, safety consultants have stated that UPI and banking apps don’t carry out true SIM-binding resulting from technical challenges; as a substitute they depend on a type of device-binding. Whereas the RBI has mandated device-binding for all regulated entities, the Nationwide Funds Company of India is alleged to take care of a whitelist of UPI apps that adjust to its guidelines on SIM- and device-binding.

“The DoT’s directive additionally creates a de facto whitelist since solely messaging apps that implement SIM-binding and associated safety necessities will proceed to operate for Indian customers, successfully limiting the market to compliant platforms,” Kaushiq stated.

“Nevertheless, in contrast to the NPCI mannequin within the UPI ecosystem, which entails an express, revealed record of authorised apps, the DoT has not created a proper approval or permission record. As a substitute, it has imposed uniform compliance circumstances that not directly produce the identical impact,” he added.

Telcos versus OTT gamers

Telecom operators in India have all the time supported the necessity for SIM-binding. Welcoming the brand new directive as a “first-in-the-world regulatory measure” to stop cyber fraud, the Mobile Operators Affiliation of India (COAI), which represents all three non-public telcos, stated, “Such steady linkage ensures full accountability and traceability for any exercise undertaken by the SIM card and its related Communication App, thereby closing long-persistent gaps which have enabled anonymity and misuse.”

The telecom business physique additional urged the DoT to make sure that app-based communication companies implement “most doable mitigation of dangers for subscribers throughout all communication channels.”

Nevertheless, the directive has emerged as one other entrance for a standoff between telcos and OTT gamers within the nation.

The Broadband India Discussion board (BIF), an business physique that represents main expertise companies like Meta, Google, and others, flagged “severe issues” over the directive and urged the DoT to “pause the present implementation timelines, open a proper stakeholder session, represent a technical working group of OS suppliers, TIUEs, licensees, and safety consultants, and finally undertake a risk-based and proportionate framework in keeping with constitutional requirements of necessity and least intrusive means.”